Sven: Thank you very much, ladies and gentlemen. Thank you for having me. I will today talk about SQLite database forensics. My name is Sven Schmitt, as Bruce introduced correctly. I am a PhD student with Felix Freiling at the FAU University in Erlangen-Nuremberg, but actually, I only pursue my PhD during night-times and on the weekends, because I mainly work for law enforcement in Germany.

The topic that I’ve brought to Florence this time is ‘A Standardized Corpus for SQLite Database Forensics’. Basically, we will talk about forensic corpora in general, at the beginning. Then, we will introduce the forensic corpus that we created during this work, and I’ll show a little bit of detail about the tests and the results that we have, because we tested some tools against the corpus, and finally, we derived some points, some requirements that we think are useful for forensic tools in general.

BlackBag Technologies is proud to announce the first and only solution to produce a decrypted physical image of Apple’s latest Mac systems utilizing the T2 chip.

Current logical imaging solutions, including functionality available in the previous version of BlackBag’s own MacQuisition tool, and competing solutions like Sumuri Recon and EnCase, miss critical file system information that only this new level of physical access will be able to provide.

This vital imaging functionality will be available in the upcoming MacQuisition 2019 R1 release and the output will be seamlessly ingested for analysis by BlackLight 2019 R1.

This article is a recap of some of the main highlights from the Forensics Europe Expo 2019, which took place in London, UK on the 5th and 6th of March.

The Forensics Europe Expo has now run for seven years and is co-located with the Security & Counter Terror Expo at Olympia London. The expo has truly established itself as a must-visit event, with 2,500 professionals visiting exhibitors, attending seminars and workshops, and of course networking over the course of the two days.

The Expo offers the opportunity for visitors to experience first-hand innovative and cost-effective solutions in the field of digital forensics and the more traditional wet forensics, provided by over 60 international suppliers. As well as the opportunity to attend the educational features where you can watch live demonstrations, there are also workshops on topics ranging from drone forensics to digital evidence management. All seminar sessions are CPD accredited.

Every year, law enforcement officers identify and save thousands of children around the world from sexual abuse. Technology providers are constantly working on new solutions to help solve more crimes and save more children and, importantly, to help the people doing the job, who are swamped with thousands of images of CSA every day.

Thomas Chopitea and Aaron Peterson discuss their research at DFRWS US 2018.

Thomas: It’s our first time presenting here at DFRWS. It’s also my first time and Aaron’s first time attending. So, we’re pretty excited to be here. I’m Tom, this is Aaron. We both work at Google. We do forensics and incident response. So, this basically means that we write a lot of code, because we’re lazy and we like to do things automatically. Aaron is the core developer for [Turbinia], I’m one of the core developers of [dfTimewolf], which we will introduce in a minute.

We’re in this sweet position where we can write a lot of code and also use the same code that we write in our daily incidents. So, that’s pretty cool, because we don’t have to follow feature requests [… well, we do … between] both of us. But most of the time, we can get … since we’re in the same team, we can get things solved pretty fast. And we really know what to expect and what we want our tools to do. So, that’s pretty cool.

Amped Software has launched Amped Replay, a new tool which allows frontline police officers and investigators to quickly and easily view, analyze and present video evidence. With Amped Replay, non-specialist units can convert and play videos from a variety of proprietary formats, apply basic enhancements, annotate and redact images for investigations and media release, all while maintaining the integrity of the evidence and without having to rely on the availability of experts in the forensic video lab.

Video footage from CCTV and DVR systems, body-worn cameras, dash cams, mobile phones and social media can be crucial in progressing an investigation, especially in the “golden hour” when time is of the essence. However, with a multitude of proprietary video formats to consider, even playing and viewing the footage can be time-consuming and difficult. Powered by the same CCTV video conversion engine that sits behind Amped Software’s other solutions for forensic experts, Amped Replay solves this problem by enabling users to simply drag and drop the footage into the software, where it is ready to view.

In late 2016, South Korea was rocked by one of the biggest political corruption scandals in its history, which eventually led to former President Park Geun-hye being impeached and jailed.

A special prosecutor was elected to proceed with the slew of bribery charges.

By law, investigators had a limited number of days to investigate and prosecute. They had confiscated over several hundred smartphones from suspects as evidence, with more in the form of notebooks and desktops, and needed to analyze tens of thousands of phone records and chat messages under a tight deadline. A single piece of evidence from any one of them could have been the smoking gun needed for a successful indictment.

Clearly, as The Guardian relates, the problem is endemic across industries, professions, and organizations. Yet burnout in the digital forensics world is unique. In addition to more typical work and life pressures, digital forensic examiners are faced with traumatic images and audio, long hours, and justice that often seems to be unevenly applied. Few other people understand the job or its stressors, and for those working counterterror investigations, operational security limits the possibility of “talk therapy” even further.